Oracle® Application Server Certificate Authority Administrator's Guide
10g Release 2 (10.1.2) B14080-02
Oracle offers OracleAS Web Cache to help e-businesses manage Web site and Web-based application performance issues. OracleAS Web Cache is a content-aware server accelerator, or reverse proxy server, that improves the performance, scalability, and availability of Web sites that run on Oracle Application Server.
This appendix explains how you can deploy OracleAS Web Cache to work with Oracle Application Server Certificate Authority. It provides key instructions and references for additional reading that you may find useful during configuration.
Perform the installation in the following stages:
Configure OracleAS WebCache for OracleAS Certificate Authority
Configure OracleAS Certificate Authority Virtual Hosts for OracleAS WebCache
Install OracleAS Web Cache by installing an instance of Oracle Application Server with the "J2EE and Webcache" component option. Although in practice you can install this instance on the same machine where OracleAS Certificate Authority resides, for testing purposes it is preferable to install OracleAS Web Cache on a different machine with a different hostname.
For more information, see the following:
To download free release notes, installation documentation, white papers, or other collateral for OracleAS Web Cache, please visit the Oracle Technology Network (OTN) at http://www.oracle.com/technology/index.html.
For configuration details, see the Oracle Application Server Web Cache Administrator's Guide, specifically "Part II, Configuration and Administration of OracleAS Web Cache".
Configure OracleAS Web Cache for OracleAS Certificate Authority and OracleAS Single Sign-On. Use these steps:
Obtain an SSL server wallet for the machine on which OracleAS Web Cache resides. Use Oracle Wallet Manager for this task.
Note: The CN is the Web Cache host name.
See the Oracle HTTP Server Administrator's Guide for details.
Use Oracle Enterprise Manager 10g to configure OracleAS Web Cache. From the Application Server Admin Control:
Go to webcache -> Administration
Under Webcache -> Ports, create Web Cache listener ports. There should be one port for each server, namely Web Cache listener port 4600 for OracleAS Certificate Authority port 6600 (server auth), Web Cache listener port 4601 for OracleAS Certificate Authority port 6601 (mutual auth), and Web Cache listener port 7778 for SSO port 7777 (non-SSL).
For each port you configure, make sure to check HTTPS, specify Web Cache SSL wallet for SSL server (for example, the OracleAS Certificate Authority server), and client certificate for mutual authentication port, if required. For example, port 4601 should be HTTPS and requires a client certificate.
Under Application -> Origin Servers, create origin servers.
The origin server is the description of the web server (host, port and protocol). There are two origin servers for OracleAS Certificate Authority, the first for https://hostname:6600 and the second for https://hostname:6601.
There is also an origin server for OracleAS Single Sign-On.
Under Application -> Sites, create sites. A site contains the Web Cache hostname, the listener port created above, and the protocol. Click Advanced to choose HTTPS and Required Client Cert if necessary.
The site is also mapped to the origin server.
Set the SSL wallet for the Web Cache. To accomplish this, go to Webcache -> Security and enter the SSL wallet location.
Restart OracleAS Web Cache.
Note: The Web Cache restart may fail if it runs out of file descriptors. To resolve this problem, see the Oracle Application Server Web Cache Administrator's Guide.
For additional OracleAS Web Cache configuration details, see the Oracle Application Server Web Cache Administrator's Guide.
For information about configuring OracleAS Single Sign-On for OracleAS Web Cache, see the Oracle Application Server Single Sign-On Administrator's Guide, "Deploying OracleAS Single Sign-On with a Proxy Server".
Follow these steps to configure OracleAS Certificate Authority virtual hosts for OracleAS WebCache host and port:
Edit the ocm_apache.conf file, in the server auth virtual host section, as follows:
Change the ServerName to the Web Cache hostname (instead of the actual OracleAS Certificate Authority host name).
Add a Port directive with the Web Cache port for this virtual host (for example, Port 4600).
Add the following lines:
LoadModule certheaders_module libexec/mod_certheaders.so
AddCertHeader HTTPS
AddCertHeader SSL_CLIENT_CERT
Comment out the following line:
SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
Execute the command:
dcmctl updateconfig -ct ohs
Restart Oracle HTTP Server:
opmnctl restartproc type=ohs
On Internet Explorer, you may encounter a bug which you can work around by modifying the $ORACLE_HOME/webcache/internal.xml file. Insert IEHOSTHEADERBUG=SSO_WEBC_PORT in the <MISCELLANEOUS/> tag, where SSO_WEBC_PORT is the Web Cache port mapped to the SSO port.
Restart OracleAS WebCache.
Note: The Web Cache restart may fail if it runs out of file descriptors. To resolve this problem, see the Oracle Application Server Web Cache Administrator's Guide.
Enable OracleAS Web Cache for OracleAS Certificate Authority by executing the following command:
$ORACLE_HOME/bin/sqlplus oca/ocadbpass @$ORACLE_HOME/oca/sql/ocabigipon.sql
If you wish to change the host and port of Web Cache sites for OracleAS Certificate Authority, execute this command:
$ORACLE_HOME/oca/sql/ocabigipoff.sql
followed by:
$ORACLE_HOME/oca/sql/ocabigipon.sql
If you need to disable OracleAS Web Cache for OracleAS Certificate Authority, execute this command:
$ORACLE_HOME/bin/sqlplus oca/ocadbpass @$ORACLE_HOME/oca/sql/ocabigipoff.sql
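A pre-flight check for the ocm_apache.conf edits listed in the virtual host steps above, meant to be run before dcmctl updateconfig; this is an added example, not Oracle tooling. It assumes the server auth section is a <VirtualHost> block; the function names, the sample file and the host name webcache.example.com are constructed for illustration.

```shell
# usage: check_ocm_vhost CONF WEBCACHE_HOST WEBCACHE_PORT
# Prints one line per problem found; exit status 0 means every edit is present.
check_ocm_vhost() {
    awk -v host="$2" -v port="$3" '
    { gsub(/[ \t\r]+/, " "); sub(/^ /, ""); sub(/ $/, "") }
    /^#/ || /^$/ { next }                 # commented-out and blank lines do not count
    { d = tolower($1) }
    d == "loadmodule" && $2 == "certheaders_module" { lm = 1 }   # anywhere in the file
    d ~ /^<virtualhost/ { invh = 1; sn = pt = h1 = h2 = so = 0; next }
    d ~ /^<\/virtualhost/ {
        if (sn && pt) {                   # the section that now names the Web Cache site
            found = 1
            if (!h1) { print "missing: AddCertHeader HTTPS"; bad = 1 }
            if (!h2) { print "missing: AddCertHeader SSL_CLIENT_CERT"; bad = 1 }
            if (so)  { print "not commented out: SSLOptions"; bad = 1 }
        }
        invh = 0; next
    }
    !invh { next }
    d == "servername" && tolower($2) == tolower(host) { sn = 1 }
    d == "port" && $2 == port { pt = 1 }
    d == "addcertheader" && $2 == "HTTPS" { h1 = 1 }
    d == "addcertheader" && $2 == "SSL_CLIENT_CERT" { h2 = 1 }
    $0 == "SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire" { so = 1 }
    END {
        if (!found) { print "no virtual host with ServerName " host " and Port " port; bad = 1 }
        if (!lm) { print "missing: LoadModule certheaders_module"; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample of an edited file (layout and host name are made up).
sample_conf() {
    cat <<'EOF'
LoadModule certheaders_module libexec/mod_certheaders.so
<VirtualHost _default_:6600>
  ServerName webcache.example.com
  Port 4600
  AddCertHeader HTTPS
  AddCertHeader SSL_CLIENT_CERT
  # SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
</VirtualHost>
EOF
}

tmp=$(mktemp); sample_conf > "$tmp"
check_ocm_vhost "$tmp" webcache.example.com 4600 && echo "ocm_apache.conf edits present"
rm -f "$tmp"
```

Against a real installation, pass the path to ocm_apache.conf with the Web Cache host name and the listener port mapped to the server auth port.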